Implements OAuth 2.1 with PKCE as an alternative authentication methodto session tokens. When connecting to a Coder deployment that supportsOAuth, users can choose between OAuth and legacy token authentication.Key changes:OAuth Flow:- Add OAuthSessionManager to handle the complete OAuth lifecycle: dynamic  client registration, PKCE authorization flow, token exchange, automatic  refresh, and revocation- Add OAuthMetadataClient to discover and validate OAuth server metadata  from the well-known endpoint, ensuring server meets OAuth 2.1 requirements- Handle OAuth callbacks via vscode:// URI handler with cross-window  support for when callback arrives in a different VS Code windowToken Management:- Store OAuth tokens (access, refresh, expiry) per-deployment in secrets- Store dynamic client registrations per-deployment in secrets- Proactive token refresh when approaching expiry (via response interceptor)- Reactive token refresh on 401 responses with automatic request retry- Handle OAuth errors (invalid_grant, invalid_client) by prompting for  re-authenticationIntegration:- Add auth method selection prompt when server supports OAuth- Attach OAuth interceptors to CoderApi for automatic token refresh- Clear OAuth state when user explicitly chooses token auth- DeploymentManager coordinates OAuth session state with deployment changesError Handling:- Typed OAuth error classes (InvalidGrantError, InvalidClientError, etc.)- Parse OAuth error responses from token endpoint- Show re-authentication modal for errors requiring user action

* Remove proactive oauth refresh interceptor* Unify secretsManager set/get/clear functions* Add login queue to loginCoordinator* Add "Cancel" button to the OAuth flow

… session token